<?php
session_start();
include_once ("../php/connect_mysql.php");
$username = $_POST['username'];
$password = md5($_POST['password']);
$code = $_POST['captcha'];

$sql = "SELECT * FROM user WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $sql);
$num = mysqli_num_rows($result);//函数返回结果集中行的数量

if ($_SESSION['string'] == strtolower($code)) {
    if ($num) {
        $sql1 = "SELECT * FROM `user` WHERE username = '$username'";
        $result = $conn->query($sql1);
        $user_row1 = $result->fetch_assoc();
        $_SESSION['uid'] = $user_row1['id'];
        $_SESSION['email'] = $user_row1['email'];
        $_SESSION['username'] = $username;
        $_SESSION['headpic_path'] = $user_row1['headpic_path'];
        $_SESSION['user_group'] = $user_row1['user_group'];
        echo "<script>alert('登录成功！');window.location.href = '../index.php';</script>";
    } else {
        //echo'请输入正确的账号或密码';
        echo "<script>alert('账号和密码不匹配！');window.location.href = '../page/login_page.php';</script>";
    }
} else {
    echo "<script>alert('验证码错误！');window.location.href = '../page/login_page.php';</script>";
}
?>

